.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Why does WCF add two Signature elements in the SOAP header when using a TransportSecurityBindingEle

Posted By:      Posted Date: August 30, 2010    Points: 0   Category :WCF
I try to call a web service that implements the following standards from a WCF client:   WS-I Basic Security Profile Version 1.0 Web Services Security X.509 Certificate Token Profile, OASIS Standard X.509 used for digitally signing digests of uploaded files and web service requests SOAP 1.1/1.2. HTTPS 1.1 I use the a CustomBinding created in the following maner: HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement(); httpsTransport.ProxyAddress = new Uri("http://myproxy:8080"); httpsTransport.UseDefaultWebProxy = false; // the message security binding element will be configured to require // a client certificate used to sign the message TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement(); // Create supporting token parameters for the client X509 certificate. X509SecurityTokenParameters clientX509SupportingTokenParameters = new X509SecurityTokenParameters(); // Specify that the supporting token is passed in message send by the client to the service clientX509SupportingTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; // Turn off derived keys clientX509SupportingTokenParameters.RequireDerivedKeys = false; // Augment the binding element to require the client's X509 certificate as an endorsing token i

View Complete Post

More Related Resource Links

How can add, modify, delete security elements in SOAP header. Catch localhost comunication.


Hi. I have a problem with configuring security in bindings for SOAP message security (WS-Security). When I use wsHttpBinding in configuration file without any modification of binding and service behaviour and i use [ServiceContract(ProtectionLevel = ProtectionLevel.None)] for my service the result soap request from wcf test client utility is:


<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">

How do I do not encrypt the soap header using WCF ?

  Hello Yaron, After reading your post at http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/e1288179-63aa-41d7-ad5b-72363d4cc7d8 I decided ask for your help. If you can give some head light about my problem I'll really apretiate it. I'm trying to consume a java webservice that requires that the request message be signed with a certificate. For testing purponses I created a x509 certificate using de makecert.exe on my localmachine and thogth the certmgr.msc I genereated the public key (a .cer file) and passed to the java webservices team that developed that webservice to install it on the server...) Now I'm trying to create a simple client that consumes that java webservice but I'm percepting that the request message is going to the server, encrypted, what I do not want. The java Team told me that the webservice expects a message just signed but not encrypted. They told me that the request message should be something like this:   ID: 26 Address: http://localhost:9000/SubjectService Encoding: UTF-8 Content-Type: multipart/related; type="application/xop+xml"; boundary="uuid:8a0433e7-4756-47e3-a611-a38163a9e50c"; start="<root.message@cxf.apache.org>"; start-info="text/xml" Headers: {SOAPAction=[""], Accept=[*/*]} Payload: --uuid:8a0433e7-4756-47e3-a611-a38163a9e50c Content-Type: application/xop

WSE 2.0 and/or WCF - how to set wsa:Action in soap:Header different from HTTP header SoapAction?


I currently have a WSE 2.0 WebServicesClientProtocol object (generated from WSDL) created which has a a valid uri as its soapAction (from the WSDL binding). I need to set the <wsa:Action> value in the <soap:Header> to something other than the binding's soapAction. I know this violates W3C protocol, but the web services are another party's and cannot be changed.

I code (where "transport" is the WebServicesClientProtocol object) :

transport.RequestSoapContext.Addressing.Action = new Microsoft.Web.Services2.Addressing.Action(reqAction);

and can see in the VS debugger that it sets the action, but when I call the method to send the web request the <wsa:Action> is reset to the same value as the soapAction in the HTTP header. I assume WSE 2.0 is doing this. Can a custom SoapOutputFilter help me to "manually override" the <wsa:Action>?

If I abandon WSE 2.0 (which I kno

SOAP Security Header: EncryptedData



I am configuring WCF to talk to non-.NET SOAP Framework.

The SOAP message will be encrypted with public-key, with Timestamp and UsernameToken in the Security Header.

I am starting off with CreateAnonymousForCertificateBindingElement(), and adding UserNameSecurityTokenParameters() to EndpointSupportingTokenParameters.Signed collection.

Difficulty is: In the SOAP Security Header I get ONE EncryptedData element that is giving the 3rd party service trouble... If I use a tool to submit altered SOAP Envelope without EncryptedData element (which seems to be not needed) the 3rd party service takes the request successfuly.

1) What may be generating this EncryptedData element?
2) How could EncryptedData be turned off OR removed from the Security Header?


Thank you


SSIS calling proxy class but need to add soap header (?)

Hi guys I am a bit of newbie to both web services and SSIS.....
I have a SSIS 2005 (not 2008!) package that consumes a WCF Web service which was written by another company.  This company generated a proxy class in VB for me and I copied and pasted the code into my SSIS VB script task.
Here is the beginning of the proxy class:
Namespace abc.xxx.xxxxxxx.Client.xxxxx
    <System.CodeDom.Compiler.GeneratedCodeAttribute("wsdl", "2.0.50727.3038"), _
     System.Diagnostics.DebuggerStepThroughAttribute(), _
     System.ComponentModel.DesignerCategoryAttribute("code"), _
     System.Web.Services.WebServiceBindingAttribute(Name:="BasicHttpBinding_Idkdkdkdkdkdk", [Namespace]:="http://blah/"), _
     System.Xml.Serialization.XmlIncludeAttribute(GetType(dddddddddd))> _
    Partial Public Class class1
It appears to be fine but when I tried to call any web service method, it returns a soap error "username is not in HTTP header".  I asked the company that wrote the Web service and

WCF interoperability with Java SOAP service - sign elements order, force wsu id value



I need to consume a SOAP web service created in Java from a WCF client. By intensively searching this on the web in general and on this forum in particular, I've seen that quite a lot of people have problems in this area, however I never found the answer to the questions I will post on this thread.

The service I have to consume has the following constraints:

  • needs transport level security by communicating over HTTPS 
  • needs signatures on the body (soap:body element) and a custom header of each request. The signature is done using a client certificate and complies with http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf. The signature is required only on requests. Service responses are not signed.

After an intensive amount of work I managed  to make my request messages look like (intercepted with fiddler):

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u<

Adding SOAP header to a SOAP message

Hi guys I am a bit of newbie to SOAP message handling here....
I just want to quote my example here and ask for some assistance...I have been scratching my (bald) head for a couple of days on this and get quite panic....

I have a SQL server Integration Service (SSIS) 2005 package that uses Visual Studio 2005 VB script to consume a third-party WCF Web service in proxy class .  The third party company generated a proxy class in VB for me and I copied and pasted the code into my SSIS VB script task.  For your information, SSIS 2005 is .NET 2.0 framework based.

Here is the beginning of the proxy class:
Namespace abc.xxx.xxxxxxx.Client.xxxxx
    <System.CodeDom.Compiler.GeneratedCodeAttribute("wsdl", "2.0.50727.3038"), _
     System.Diagnostics.DebuggerStepThroughAttribute(), _

Soap header XML manipulation in .NET 2.0


Hi I have given a task to add two fields (__UserName/__SessionID) in a soap header.  The result soap header should look similar to this:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<a:Action s:mustUnderstand="1">http://abc/xyz</a:Action>
<__UserName xmlns=http://abc>xxxxxxx</__UserName>
<__SessionID xmlns=http://abc>36edf379-708c-4056-b7d8-3bdaa4c6d172</__SessionID>.............

This soap header is added to a WFC proxy class.  I have created a new soapheader class like this:

<System.SerializableAttribute(), _
        System.ComponentModel.DesignerCategoryAttribute("code"), _
         System.Xml.Serialization.XmlTypeAttribute([Namespace]:="http://abc/"), _
         System.Xml.Serialization.XmlRootAttribute([Namespace]:="http://abc/", IsNullable:=False)> _
    Partial Public Class mySoapHeader

BasicHttp binding service failing when receiving a message with a To soap header


My WCF service is exposed through a basicHttp binding.


When I receive the following message

 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <s:Header> <To s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://biztalk01:81/StuffServices.svc</To> </s:Header> <s:Body> <ns0:GetMyStuff xmlns:ns0="http://example.com/stuff" xmlns:ns1="http://schemas.microsoft.com/2003/10/Serialization/Arrays"> <ns0:inputArray> <ns1:string>80220</ns1:string> </ns0:inputArray> </ns0:GetMyStuff > </s:Body> </s:Envelope>

it gives a fault back, but if I try in soapUI to send the exact same request without the To header (deleting the "<To s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none" >http://biztalk01:81/StuffServices.svc "), then it works fine and returns the correct response.

Do I have any way to make my service handle that request including a To header correctly?

I tried changing my binding to a CustomBinding as described here : http://blog.irm.se/blogs/eric/archive/2008/07/04/WS_2D00_Addressing-and-WCF.aspx

but that only resulted in the IIS worker proc

How to control SOAP address header and/or "mustUnderstand"-attribute in WCF client

Hello all,

using the following configuration, I'm trying to build a WCF-client for a non-WCF service that requires a SecurityContextToken for authentication.

<?xml version="1.0" encoding="utf-8"?>


        <binding name="TicketServiceBinding">



Soap Response mising Signature Security element + BasicHttp Binding


Hi All,

I am facing one issue with WCF service.

Issue : Response message not contains Signature Value.

if i use

TransportWithMessageCredential , the response message not contains Signature Value.But if i use only

security mode="Message" this time Response contains signature element.Why it is missing in TransportWithMessageCredential?

My configuration settings are :

Https+Messagelevel Security

Binding :TransportWithMessageCredential

    <binding name="basicHttpEndpointBinding">
     <security mode="TransportWithMessageCredential" >
      <message clientCredentialType="Certificate" />
      <transport clientCredentialType="Certificate" proxyCredentialType ="None" realm =&qu

Remove Action from SOAP header


I dont know how i disable Action element. I am receiving SOAP messages which contain XML with operations. I already discovered i must use Message Contracts. But i cannot set WCF service which wouldn't use Action element in header.

<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://localhost:58024/services/Udalosti</Action>

I sub asmx service by by wcf.

In asmx i need only set



RequestElementName = "UdalostiRequest",
RequestNamespace = "http://nsess.public.cz/erms/v_01_00",
ResponseElementName = "UdalostiResponse",
Use = SoapBindingUse.Literal,
ParameterStyle = SoapParameterStyle.Bare)]
public UdalostiResponse Udalosti(UdalostiRequest UdalostiRequest){}





<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/env

Add session token to SOAP header (C#)


I have a project that is consuming several webservices.  I call an initial service and pass in a login and password, the service then returns a session token.  To utilize the other webservices, I need to pass this token in the SOAP header (<soapenv:Header><token xmlns="xxxx">12345</token></soapenv:Header>).


For testing purposes, I have added a <headers> section within each webservice's <endpoint> entry of my app.config, but I need to have a more dynamic process that allows the token to be updated with each session.


If anyone could help me with this, I would greatly appreciate it!  I have spent quite a bit of time the past several days combing forums, google, bing, and am not able to find a solution that makes sense to me.  I am in the beginner-intermediate level of .Net development.




Modify SOAP header Mustunderstand attribute in WCF client

 I am writing a WCF client for a service (not WCF). Getting an error that Unprocessed 'mustUnderstand' header element: {http://www.w3.org/2005/08/addressing}Action, because request SOAP contains header with mustunderstand='true'. I have to either set it false or remove the whole header. can you show the way to do that?

WCF Header Signature


Hi all,

I need to send a "Ack Message" to a WCF service.
The web service accepts only messages that are digitally signed. The certificate used to sign should be included in the SOAP/Header/Security node.
It must contain a reference element corresponding to an <Operation> node that is added to the Soap<Header>Node and a signed Body element that can be found in the Soap<Body> node. 

So far so good. The problem is that the web service doesn't accept our messages because our signing is not correct to their requirement. When I compare our SoapEnvelope with the required SoapEnvelope, I see that the order of signing the body and operation node is different.

(The references in the SignedInfo come in a different sequence)

This is the Soap<Header> we send

  <ns1:Operation Id="MsgOperation<

Trouble with client's SOAP security header


Out client has a web service I need to call to get some order details.  It's a SOAP service and I'm calling it over SSL.  The message has to include a username/password as well as a SSL certificate.  I have the SSL cert on my system and I sent them a copy of the public key to install on their web server.

I was unable to get it working in 2008 with WCF so I am now trying WSE in 2005.  I'm now generating a username and password but I cannot get my SSL cert included in the header.  When I try to add the cert through the WSE 3.0 setting I get an error saying the cert can't be used for encryption.  This is fine because the cert is only supposed to be used for identification. 

Here is an example SOAP header the client sent me:

    <wsa:Action wsu:Id="Id-d02f4053-1c85-41ad-a7a8-dbf6be15ddca">http://www.test.com/Order</wsa:Action>
    <wsa:MessageID wsu:Id="Id-3aadc603-4235-4ca3-a09e-6ff39b65ad8a">uuid:3024666c-d0f2-48a3-b9a7-ab10eaaeee63</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-b4508af4-5e71-42cf-a249-890b89e1334">

Create ToolTip for GridView Header

The following allows you to add a tooltip to the header links of your GridView, a feature that is lacking.
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend